CVE-2026-43043

Source
https://cve.org/CVERecord?id=CVE-2026-43043
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43043.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-43043
Published
2026-05-01T14:15:39.576Z
Modified
2026-06-18T03:55:59.852666314Z
Summary
crypto: af-alg - fix NULL pointer dereference in scatterwalk
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: af-alg - fix NULL pointer dereference in scatterwalk

The AF_ALG interface fails to unmark the end of a Scatter/Gather List (SGL) when chaining a new af_alg_tsgl structure. If a sendmsg() fills an SGL exactly to MAX_SGL_ENTS, the last entry is marked as the end. A subsequent sendmsg() allocates a new SGL and chains it, but fails to clear the end marker on the previous SGL's last data entry.

This causes the crypto scatterwalk to hit a premature end, returning NULL on sg_next() and leading to a kernel panic during dereference.

Fix this by explicitly unmarking the end of the previous SGL when performing sg_chain() in af_alg_alloc_tsgl().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43043.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8ff590903d5fc7f5a0a988c38267a3d08e6393a2
Fixed
f48d3dd99199180cf37d6253550c55e86372309a
Fixed
f9acceae7b004956851fd4268edf9f518a9bce04
Fixed
7195350fb78538c25cd790d703f8f2c73ee0d395
Fixed
7cdf2c6381b21ab5ccf8116750d5582fcd6c0f49
Fixed
44eafa39363e8d5dfda6a8c6eb6b45458ed4b948
Fixed
00cbdec17c15d024a1c5002c7365df7624a18a75
Fixed
4b03ab0a587ec57eb7ddb5c115d84a42896f60f7
Fixed
62397b493e14107ae82d8b80938f293d95425bcb

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43043.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.38
Fixed
5.10.253
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.203
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.168
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.134
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.81
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.22
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.12

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43043.json"